phishing

Researchers uncover ClickFix-themed phishing kit

Researchers uncover ClickFix-themed phishing kit 2025-10-08 at 16:26 By Zeljka Zorz Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to create highly customizable phishing […]

React to this headline:

Loading spinner

Researchers uncover ClickFix-themed phishing kit Read More »

Microsoft spots LLM-obfuscated phishing attack

Microsoft spots LLM-obfuscated phishing attack 2025-09-25 at 19:00 By Zeljka Zorz Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code (along with Kali Linux)

React to this headline:

Loading spinner

Microsoft spots LLM-obfuscated phishing attack Read More »

PyPI Warns Users of Fresh Phishing Campaign

PyPI Warns Users of Fresh Phishing Campaign 2025-09-25 at 19:00 By Ionut Arghire Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

PyPI Warns Users of Fresh Phishing Campaign Read More »

FBI Warns of Spoofed IC3 Website

FBI Warns of Spoofed IC3 Website 2025-09-22 at 12:47 By Ionut Arghire Threat actors likely spoofed the official government website for personal information theft and monetary fraudulent activity. The post FBI Warns of Spoofed IC3 Website appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

FBI Warns of Spoofed IC3 Website Read More »

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader 2025-09-17 at 15:23 By Zeljka Zorz Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting

React to this headline:

Loading spinner

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader Read More »

Old file types, new tricks: Attackers turn everyday files into weapons

Old file types, new tricks: Attackers turn everyday files into weapons 2025-09-17 at 07:44 By Anamarija Pogorelec Attackers are finding new ways to blend in with everyday business tools, hiding their activity inside formats and processes that workers and IT teams often trust. The latest quarterly Threat Insights Report from HP Wolf Security shows how

React to this headline:

Loading spinner

Old file types, new tricks: Attackers turn everyday files into weapons Read More »

Ransomware Losses Climb as AI Pushes Phishing to New Heights

Ransomware Losses Climb as AI Pushes Phishing to New Heights 2025-09-09 at 16:39 By Kevin Townsend Based on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI. The post Ransomware Losses Climb as AI Pushes Phishing to

React to this headline:

Loading spinner

Ransomware Losses Climb as AI Pushes Phishing to New Heights Read More »

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms 2025-08-29 at 14:19 By Zeljka Zorz A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point

React to this headline:

Loading spinner

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Read More »

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect 2025-08-27 at 20:01 By Kevin Townsend AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication. The post Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect Read More »

What CISOs can learn from Doppel’s new AI-driven social engineering simulation

What CISOs can learn from Doppel’s new AI-driven social engineering simulation 2025-08-27 at 07:51 By Sinisa Markovic Doppel has introduced a new product called Doppel Simulation, which expands its platform for defending against social engineering. The tool uses autonomous AI agents to create multi-channel simulations that mirror how attackers operate across email, SMS, messaging apps,

React to this headline:

Loading spinner

What CISOs can learn from Doppel’s new AI-driven social engineering simulation Read More »

URL-based threats become a go-to tactic for cybercriminals

URL-based threats become a go-to tactic for cybercriminals 2025-08-21 at 07:34 By Help Net Security Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not

React to this headline:

Loading spinner

URL-based threats become a go-to tactic for cybercriminals Read More »

Cybercriminals are getting personal, and it’s working

Cybercriminals are getting personal, and it’s working 2025-08-07 at 09:15 By Help Net Security Cybercriminals are deploying unidentifiable phishing kits (58% of phishing sites) to propagate malicious campaigns at scale, indicating a trend towards custom-made or obfuscated deployments, according to VIPRE Security. These phishing kits can’t easily be reverse-engineered, tracked, or caught. AI makes them

React to this headline:

Loading spinner

Cybercriminals are getting personal, and it’s working Read More »

UK Student Sentenced to Prison for Selling Phishing Kits

UK Student Sentenced to Prison for Selling Phishing Kits 2025-07-25 at 16:19 By Ionut Arghire Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million. The post UK Student Sentenced to Prison for Selling Phishing Kits appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

UK Student Sentenced to Prison for Selling Phishing Kits Read More »

High-Value NPM Developers Compromised in New Phishing Campaign

High-Value NPM Developers Compromised in New Phishing Campaign 2025-07-24 at 14:22 By Ionut Arghire Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign. The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

High-Value NPM Developers Compromised in New Phishing Campaign Read More »

Phishing campaign targets U.S. Department of Education’s G5 portal

Phishing campaign targets U.S. Department of Education’s G5 portal 2025-07-23 at 13:04 By Anamarija Pogorelec A new phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a site used by educational institutions and vendors to manage grants and federal education funding. Threat researchers at BforeAI uncovered a cluster of lookalike domains

React to this headline:

Loading spinner

Phishing campaign targets U.S. Department of Education’s G5 portal Read More »

Phishing simulations: What works and what doesn’t

Phishing simulations: What works and what doesn’t 2025-07-23 at 08:31 By Sinisa Markovic Phishing is one of the oldest and most effective scams used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before AI became

React to this headline:

Loading spinner

Phishing simulations: What works and what doesn’t Read More »

Thirteen Romanians Arrested for Phishing the UK’s Tax Service

Thirteen Romanians Arrested for Phishing the UK’s Tax Service 2025-07-14 at 05:16 By Mike Lennon Investigators from HMRC joined more than 100 Romanian police officers to arrest the 13 Romanian suspects in the counties of Ilfov, Giurgiu and Calarasi.  The post Thirteen Romanians Arrested for Phishing the UK’s Tax Service appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Thirteen Romanians Arrested for Phishing the UK’s Tax Service Read More »

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code 2025-07-03 at 16:03 By Zeljka Zorz Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew

React to this headline:

Loading spinner

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code Read More »

Microsoft 365 Direct Send Abused for Phishing

Microsoft 365 Direct Send Abused for Phishing 2025-06-27 at 11:08 By Ionut Arghire Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Microsoft 365 Direct Send Abused for Phishing Read More »

Scroll to Top